REMARKS 

The Office Action dated November 24, 2007 has been received and carefully 
noted. The above amendments to the claims, and the following remarks, are submitted as 
a full and complete response thereto. 

Claims 1-8, 11, and 16-18 have been amended to more particularly point out and 
distinctly claim the subject matter of the invention. New claims 19-20 have been added. 
No new matter has been added and no new issues are raised which require further 
consideration or search. Therefore, claims 1-20 are currently pending in the application 
and are respectfully submitted for consideration. 

The Office Action rejected claims 1-18 under 35 U.S.C. § 102(e) as being 
anticipated by U.S. Publication No. 2004/0215957 ("Moineau"). The rejection is 
respectfully traversed for at least the following reasons. 

Claim 1, upon which claims 2-7 are dependent, recites an apparatus, which 
includes a router configured to route subscriber traffic flow between at least two wireless 
access networks and an internet protocol network. The at least two wireless access 
networks correspond to different customer networks. The apparatus further includes a 
generator configured to generate at least one instance for executing a security function on 
a subscriber traffic flow, so that physically one security instance for subscribers of at 
least two wireless access networks is present and logically at least one of the at least two 
wireless access networks has a respective security instance. 

Claim 8, upon which claims 9-15 are dependent, recites a method, which includes 
providing at least one instance to execute a security function on subscriber traffic flow 
routed between at least two wireless access networks and an IP network, where the at 
least two wireless access networks correspond to different customer networks, by 
logically separating the at least one instance for at least two wireless access networks, so 
that physically one security instance for subscribers of the at least two wireless access 
networks is present and logically at least one of the at least two wireless access networks 
has a respective security instance. 

Claim 16 recites a network node which includes a connection which connects a 
network node to a distributed routing device configured to route subscriber traffic flow to 
and from an internet protocol network. The distributed routing device is configured to 
route subscriber traffic flow between at least two wireless access networks and an 
internet protocol network. The at least two wireless access networks correspond to 
different customer networks. The distributed routing device comprises at least one 
instance for executing a security function on a subscriber traffic flow, so that physically 
one security instance for subscribers of at least two wireless access networks is present 
and logically at least one of the at least two wireless access networks has a respective 
security instance. The at least one logical part of the security instance is associated with 
a context of a respective one of the wireless access networks and comprises an interface 
with the respective wireless access network. The network node further includes a 
modifying device configured to modify the context in the at least one logical part of the 
security instance associated with the respective one of the wireless access network via a 
respectively provided interface. 

Claim 17 recites a network system, which includes at least two wireless access 
networks and a distributed routing device configured to route subscriber traffic flow 
between the at least two wireless access networks and an internet protocol network. The 
at least two wireless access networks correspond to different customer networks. The 
distributed routing device is configured to route subscriber traffic flow between at least 
two wireless access networks and an internet protocol network. The distributed routing 
device includes at least one instance for executing a security function on a subscriber 
traffic flow, so that physically one security instance for subscribers of at least two 
wireless access networks is present and logically at least one of the at least two wireless 
access networks has a respective security instance. 

Claim 18 recites an apparatus, which includes routing means for routing subscriber 
traffic flow between at least two wireless access networks and an internet protocol 
network. The at least two wireless access networks correspond to different customer 
networks. The apparatus further includes generating means for generating at least one 
instance for executing a security function on a subscriber traffic flow, so that physically 
one security instance for subscribers of at least two wireless access networks is present 
and logically at least one of the at least two wireless access networks has a respective 
security instance. 

Claim 19 recites a network node, which includes connection means for connecting 
a network node to distributed routing means for routing subscriber traffic flow to and 
from an internet protocol network. The distributed routing means routes subscriber 
traffic flow between at least two wireless access networks and an internet protocol 
network. The at least two wireless access networks correspond to different customer 
networks. The distributed routing device comprises at least one instance for executing a 
security function on a subscriber traffic flow, so that physically one security instance for 
subscribers of at least two wireless access networks is present and logically at least one of 
the at least two wireless access networks has a respective security instance. At least one 
logical part of the security instance is associated with a context of a respective one of the 
wireless access networks and comprises an interface with the respective wireless access 
network. The network node further includes modifying means for modifying the context 
in the at least one logical part of the security instance associated with the respective one 
of the wireless access network via a respectively provided interface. 

Claim 20 recites a network system, which includes at least two wireless access 
networks and distributed routing means for routing subscriber traffic flow between the at 
least two wireless access networks and an internet protocol network. The distributed 
routing means routes subscriber traffic flow between at least two wireless access 
networks and an internet protocol network. The at least two wireless access networks 
correspond to different customer networks. The distributed routing means comprises at 
least one instance for executing a security function on a subscriber traffic flow, so that 
physically one security instance for subscribers of at least two wireless access networks is 
present and logically at least one of the at least two wireless access networks has a 
respective security instance. 

Therefore, according to embodiments of the invention, latency is reduced, the 
handover mechanism is improved, and transferring entire contexts across autonomous 
systems is avoided. An architecture is provided for virtual firewalls and virtual security 
gateways, a framework and mechanism for firewall and security context transfer, and a 
policy governance model to accommodate rules and manage the mobile node preferences 
based on a roaming agreement. According to embodiments of the invention, the 
functions of firewall, security gateway and home agent are moved to the provider that 
provides instances of such functions for each customer. This facilitates the process of 
conducting context transfer and also eliminates a protocol between these instances for 
IPSec and firewall context transfer. Private peering and public peering are enabled to 
support context transfer at the provider edge which enables policy control and is more 
secure. 

As will be discussed below, Moineau fails to disclose or suggest all of the 
elements of the claims, and therefore fails to provide the advantages and features 
discussed above. 

Moineau generally discloses an apparatus which allows a secure connection of a 
user client station to a base unit. The secure connection comprises the use of 
authentication and encryption means. Moineau further discloses that the base unit 
comprises a switching unit, at least one firewall, an authentication/encryption unit, and at 
least one port device. Moineau further discloses a secure roaming scheme when 
roaming is performed by a wireless user. (See Moineau at Abstract.) 

Moineau further discloses a base unit 26 which comprises a firewall system 10, a 
router 12, a VPN server 14, a WLAN port 20 and a LAN 18. Figure 1 shows two mobile 
units 22 and 24 connected to a base unit 26, via a WLAN port 20. Alternatively, mobile 
unit 22 can be connected to a first base unit 26, and mobile unit 24 can be connected to a 
second base unit 26 (not shown in Figure 1). The LAN internal port 18 allows the 
connection of a base unit 26 to at least one other base unit 26 (not shown in Figure 1) and 
more generally to a LAN. Furthermore, a mobile unit user can roam from one base unit 
26 to another base unit (not shown in Figure 1). Moineau further discloses that each base 
unit 26 is located on a same subnet in order to facilitate roaming, or a base unit 26 and a 
RADIUS authentication server are separated by a WAN. (See Moineau at paragraphs 
0030-0038; see also Figure 1). 

Furthermore, Moineau discloses that a mobile unit can communicate with another 
mobile unit 24 via the WLAN port 20, the firewall system 10, and the router 12. 
Moineau further discloses that a mobile unit 22 can communicate with a computer 
located in an outer LAN or WAN. Alternatively, mobile unit 22 can communicate with 
another user 24 connected to a WLAN access point of another base unit 26 connected to 
the base unit 26 where the mobile unit 22 is, via the LAN internal port 18. Thus, 
Moineau discloses two forms of communication between mobile unit 22 and 24: (1) 
communication when mobile units 22 and 24 are both connected to a first base station 26; 
and (2) when mobile unit 22 is connected to a first base station 26 and mobile unit 24 is 
connected to a second base station 26. (See Moineau at paragraphs 0030-0044; see also 
Figure 1). 

Applicants respectfully submit that Moineau fails to disclose, teach, or suggest, all 
of the elements of the present claims. For example, Moineau fails to disclose, teach, or 
suggest, at least, "a router configured to route subscriber traffic flow between at least two 
wireless access networks and an internet protocol network, wherein the at least two 
wireless access networks correspond to different customer networks," as recited in claim 
1, and similarly recited in claims 8 and 16-20. 

The Office Action stated in the "Response" section that Applicants' arguments 
from the Response, filed on August 20, 2007 ("Previous Response"), are not persuasive 
because "the features upon which applicant relies (i.e., routing subscriber traffic between 
wireless access networks and an IP network, wherein the wireless access networks 
correspond to different customer networks) are not recited in the rejected claims(s)." 
Applicants respectfully submit that claims 1, 8, and 16-18 have been amended to recite 
(and new claims 19 and 20 do recite) "wherein the wireless access networks correspond 
to different customer networks." Therefore, the arguments from the Previous Response 
are incorporated herein. 

Furthermore, Moineau fails to disclose or suggest two wireless access networks, 
let alone two wireless access networks which correspond to different customer networks. 
As described above, Moineau discloses two WLAN clients 22 and 24, and discloses that 
the WLAN clients are either connected to the same base unit, or connected to two 
different base units. However, Moineau discloses that the two base stations are part of 
the same subnet, and thus, part of the same wireless access network (see Moineau at 
0038 and 0049). Moineau fails to disclose or suggest that the two base units are each a 
base unit of a different wireless access network, and fails to disclose or suggest that the 
WLAN clients are each a client of a different wireless access network. Furthermore, 
Moineau fails to disclose or suggest that each base unit (and thus, each WLAN client) is 
associated with a different customer network, as Moineau fails to disclose or suggest the 
nature of the network, beyond the fact that the network is a wireless access network. 
Therefore, Moineau fails to disclose or suggest different customer networks, as claimed 
in the present invention. 

Thus, Moineau fails to disclose, teach, or suggest, at least, "a router configured to 
route subscriber traffic flow between at least two wireless access networks and an 
internet protocol network, wherein the at least two wireless access networks correspond 
to different customer networks," as recited in claim 1, and similarly recited in claims 8 
and 16-20. 

Therefore, for at least the reasons discussed above, Moineau fails to disclose, 
teach, or suggest, all of the elements of claims 1, 8, and 16-20. For the reasons stated 
above, Applicants respectfully request that this rejection be withdrawn. 

Claims 2-7 depend upon claim 1. Claims 9-15 depend upon claim 8. Thus, 
Applicants respectfully submit that claims 2-7 and 9-15 should be allowed for at least 
their dependence upon claims 1 and 8, and for the specific limitations recited therein. 

For at least the reasons discussed above, Applicants respectfully submit that the 
cited prior art references fail to disclose or suggest all of the elements of the claimed 
invention. These distinctions are more than sufficient to render the claimed invention 
unanticipated and unobvious. It is therefore respectfully requested that all of claims 1-20 
be allowed, and this application passed to issue. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, the applicant's undersigned attorney at the indicated telephone number to 
arrange for an interview to expedite the disposition of this application. 

In the event this paper is not being timely filed, the applicant respectfully petitions 
for an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 



Respectfully submitted, 

Majid S. AlBassam 
Registration No. 54,749 

Customer No. 32294 

SQUIRE, SANDERS & DEMPSEY LLP 
14th Floor 
8000 Towers Crescent Drive 
Tysons Corner, Virginia 22182-2700 
Telephone: 703-720-7800 
Fax: 703-720-7802 

KMM:ksh 

Enclosures: Additional Claim Fee Transmittal 
Check No. 17861 